Solved: Posture on Machine Behind IP Phone with power adapter

Neelesh Marathe · ‎10-23-2018

Team,

I am working with one of the Banks in India. They are running dot1x and posture on windows endpoints and IP Phones are getting authenticated using MAB. Edge switches are not PoE and IP Phones get power through power adapter. We are facing challenge in scenario where system is connected behind IP Phone.

When I remove machine cable from IP Phone, posture works fine and machine becomes compliant.

When I remove switch cable from IP Phone, IP phone network gets disconnected however IP Phone stays powered on as it is using external power. Machine network stays also connected and posture status on module does not get changed. Now when I plug the switch cable again in IP Phone, both phone and Machine get authenticated however posture module will not able to detect the network change. I tried enabling VLAN detection, periodic probing however it did not work

We are using following AnyConnect 4.4.04030 and compliance module 3611098.2

I am seeking your guidance for next course of action

Thanks,

Neelesh Marathe

hslai · ‎10-23-2018

If the PC not performing DOT1X after restoring the connectivity between the switch and the IP phone, then the user would have to un-plug and re-plug-in the cable of the PC. If DOT1X happens, then try Posture Enhancements in ISE 2.4 and AC 4.6.

View solution in original post

hslai · ‎10-23-2018

If the PC not performing DOT1X after restoring the connectivity between the switch and the IP phone, then the user would have to un-plug and re-plug-in the cable of the PC. If DOT1X happens, then try Posture Enhancements in ISE 2.4 and AC 4.6.